-userdir-ldap (0.3.23+common1) unstable; urgency=low
-
- [ Andreas Barth ]
- * Add compatibility to dchroot-dsa to ud-replicate.
- * Add (disabled) generation of authorized_keys suiteable for sshdist.
- * Add performance optimization by caching IP adresses in ud-generate
- (as a precondition for automatically adding aliases)
-
- [ Stephen Gran ]
- * ud-replicate: handle individual ssh keys
-
- [ Mark Hymers ]
- * ud-generate: handle individual ssh keys
-
- -- Mark Hymers <mhy@debian.org> Wed, 14 May 2008 22:09:22 +0100
+userdir-ldap (0.3.XX) Xnstable; urgency=low
+
+ * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
+ * ud-replicate: Also support the imposter dchroot-dsa from the debian
+ archive. [aba, weasel]
+ * ud-generate: Add support for generation of authorized_keys file on
+ the db host for the sshdist user. This is now possible since
+ ud-replicate clients use their ssh host key to authenticate to the
+ db server. The code now supports this but the feature is still
+ disabled. [aba]
+ * ud-generate: Add performance optimization by resolving IP adresses
+ for hosts only once and caching the result. [aba]
-
- -- Peter Palfrader <weasel@debian.org> Sat, 17 May 2008 11:29:41 +0200
++ * ud-replicate, ud-generate: Instead of one big ssh-rsa-shadow file
++ ud-generate now produces per-user authorized_keys files and tars
++ them up. On the receiving end ud-replicate takes the tar and
++ syncs it to userkeys/. The goal here is to no longer require
++ a patched sshd. Setting AuthorizedKeysFile2 to
++ /var/lib/misc/userkeys/%u is sufficient. For homedir creation
++ we can use pam_mkhomedir. [mhy, sgran]
++
++ -- Peter Palfrader <weasel@debian.org> Sat, 17 May 2008 11:34:20 +0200
userdir-ldap (0.3.23) unstable; urgency=low
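Review bot: The new stanza header `userdir-ldap (0.3.XX) Xnstable; urgency=low` still carries a placeholder version and a distribution name that is not a real suite, so it needs a real version and `unstable` before upload; if the placeholder is deliberate to stop an accidental build, say so. "adresses" in the ud-generate caching item should be "addresses". The per-user keys item tells admins that setting AuthorizedKeysFile2 to /var/lib/misc/userkeys/%u is sufficient, so it would help to state there what ownership and mode the files under userkeys/ are expected to have.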
# Copyright (c) 2002-2003,2006 Ryan Murray <rmurray@debian.org>
# Copyright (c) 2004-2005 Joey Schulze <joey@infodrom.org>
# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
-# Copyright (©) 2008 Stephen Gran <sgran@debian.org>
++# Copyright (c) 2008 Stephen Gran <sgran@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
verbose=-v
fi
+ tempdir=''
+
+ cleanup ()
+ {
+ rm -f lock
+ rm -rf $tempdir
+ }
+
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
HOST=`hostname -f`
cd /tmp/
cd /var/lib/misc || cd /var/state/glibc/ || cd /var/db/
lockfile -r 1 -l 3600 lock
- trap "rm -f lock" exit
+ trap cleanup exit
case $HOST in
$LOCALSYNCON)
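Review bot: In cleanup(), `rm -rf $tempdir` is unquoted and `rm -f lock` is relative to whatever the working directory happens to be when the exit trap fires. Use `rm -rf "$tempdir"` guarded by a non-empty test, and record the lock's absolute path right after the `cd /var/lib/misc || ...` line so the trap removes the right file even if the script exits after changing into another directory. The trap is also installed without looking at the exit status of `lockfile -r 1 -l 3600 lock`, so unless the script aborts on errors somewhere not visible here, a run that failed to get the lock would remove another instance's lock on exit.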
ln -sf `pwd -P`/ssh-rsa-shadow /etc/ssh
ln -sf `pwd -P`/ssh_known_hosts /etc/ssh
+ if [ -e ${HOST}/ssh-keys.tar.gz ]; then
+ export TMPDIR='/tmp/'
+ tempdir=$(mktemp -d)
+ old=$(pwd -P)
+ cd $tempdir && tar -xf ${old}/${HOST}/ssh-keys.tar.gz
+ cd $old
+ mkdir userkeys 2> /dev/null || true
+ chmod 755 $tempdir
+ rsync -a --delete-after $tempdir/ userkeys/
+ fi
+
+CHROOTS=""
if [ -x /usr/bin/dchroot ]; then
CHROOTS=`dchroot --listpaths`
-fi
-if [ -x /usr/bin/dchroot-dsa ]; then
- CHROOTS=$(dchroot-dsa -i | grep Location | awk '{print $2}')
+elif [ -x /usr/bin/dchroot-dsa ]; then
+ CHROOTS=$(dchroot-dsa -i | grep Location | awk '{print $2}')
fi
if [ -n "$CHROOTS" ]; then
for c in $CHROOTS; do
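Review bot: Nothing in the ssh-keys.tar.gz block checks that `tempdir=$(mktemp -d)` or the `tar -xf` succeeded before `rsync -a --delete-after $tempdir/ userkeys/` runs. If mktemp fails, $tempdir is empty, so `cd $tempdir` becomes a bare `cd`, the archive is unpacked wherever that lands, and the rsync source becomes `/`; if tar fails on a truncated or corrupt archive, --delete-after removes every key in userkeys/ that was not extracted, which locks users out. Make each step conditional on the previous one, skip the rsync when extraction failed, and quote "$tempdir", "$old" and "${HOST}". Separately, turning the second `if` into `elif` means dchroot now takes precedence when both binaries are installed, where previously dchroot-dsa overwrote CHROOTS; if that is intended it deserves a word in the changelog.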